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Abstract 

We present a process algebra based approach to formalize the interactions of com- 
puting devices such as the representation of policies and the resolution of conflicts. 
As an example we specify how promises may be used in coming to an agreement 
regarding a simple though practical transportation problem. 
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1 Introduction 



The mechanism of an autonomous agent announcing a promise towards an- 
other agent is a powerful organizational principle in the setting of computer 
networks. Several approaches have been used in the past to formahze such 
interactions of computing devices as a representation of pohcies and a resolve 
of conflicts: Burgess and Fagernes [7] represent them as graphs, Prakken and 
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Sergot [13,14] use temporal deontic logic, Lupu and Sloman [10] propose role 
theory, Glasgow et al. [9] modal logic, Bandera et al. [3] event calculus and 
Lafuente and Montanari [11] model checking. In this paper we use process al- 
gebra [4] for the formalization of a restricted set of aspects of promises paying 
attention to the sequential ordering of promises between a number of par- 
ties. As an example we specify how promises may be used in coming to an 
agreement regarding a simple though practical transportation problem. 

In the world of process algebra we can label certain communications as promises 
if that makes sense intuitively. Process algebra formalisms will not provide 
very sharp distinctions that set apart promise acts from all other conceivable 
actions, however. Modal logics are in principle better suited for the task to 
capture what is specific about promises, but process algebras may be more 
helpful to formalize the role that promises can play in specific multi-agent 
systems. The justification of the process algebra framework for promises is 
therefore as follows: 

(1) to provide clear and formalized cases of the use of promises in some 
protocols that occur within multi-agent systems, 

(2) to support the design and analysis of distributed protocols that make use 
of promises made by autonomous agents. 

The process algebra framework cannot, by nature, characterize the concept of 
a promise in its logical essence. That is a much harder task and requires the 
design of specific versions of deontic logic. 



2 A data type for task bodies 

The data type for task bodies is depicted in Figure 1. 

TB is assumed to be a finite set of primitives which fall into two basic com- 
plementary categories, namely into tasks for giving or taking, or services and 
usage. We distinguish the atom 7 — the special task of compliance. Atomic 

tasks are assumed services rather than uses and positive, i.e. , not negated . 
Two operations ~, -> : TB — > TB on tasks are then considered: 

(1) (usage) if x is a task then ^ is the task of making use of x as performed 
by another agent, and 

(2) (negation) if x is a task then -^x is the task of not doing x. 

Moreover, s,p : TB — > B specify the properties service and positive. The 
interaction of these operations satisfies the laws in Figure 2. Note that -1 is 

^ In [6,7] the use of a x is denoted by —x or U{x) instead of ^x. 
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Fig. 1. Data type for task bodies 
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Fig. 2. Interaction of usage, negation and service 

overloaded in the sense that it acts as negation on tasks and on Booleans. The 
actual meaning, however, will always be clear from the context. 

In general, promises can be viewed as declarations to keep certain tuples of 
data within a given range of values. Promises are thus typed. We therefore 
assume a collection of types, T, and a typing function t : TB T providing 
types for task bodies. Given a service x, we assume that types do not differ 
under usage or negation, i.e., 

t{n^x) = t{x) = t{^x). 

Furthermore, since promises can be incompatible with each other we assume a 
symmetric incompatibility relation # : TBxTB B. We write x^y — instead 
of ^{x, y) — true — if x and y cannot both be realized at the same time by 
the same agent. Only tasks of similar type can exclude one another. Moreover, 
tasks are incompatible with their negations. For incompatible tasks x and y, 
however, x will be compatible with -^y. Observe that -'{xjj^x) is derivable from 
the axiom and the third rule in Figure 3 using the law of double negation shift. 



3 



y^x t{x) = t{y) ^{x^^y) 



Fig. 3. Laws of incompatibility 
3 A transition system for promises 

Let A be a partially ordered set containing so-called agents. For agents a, 6 e 
A, we write a < 6 if a is subordinated to b. We denote a promise x between 
arbitrary autonomous agents a and b — while being unspecific about how and 
when they are made — by 

a > b. 

For X e TB with s{x) — true = p{x) we distinguish the 4 kinds of promises 
given in Figure 4 where 
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Fig. 4. Promised exchanges of services x between autonomous agents a and b 

(1) a promises b to provide its service x, 

(2) a promises b to make use of its service x, 

(3) a promises b not to provide its service x, and 

(4) a promises b not to make use of its service x. 

We tacitly assume that promises are equal under equal tasks, i.e., that 

X — y ^ a > b — a > b. 

One can generalize this basic notation of promise exchange to a more expres- 
sive system where agents can make promises about what other agents might 
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do — provide a service or make use of. A generalized notation of the form 

■k:x 

a[c\ > h[a\ 

denotes that 'a promises h that c will do x for cf . The autonomously made 
promises in Figure 4 are then equivalent to their more general notations 

a[a\ > h\b\ . 

it:x 

If c < a and a[c\ > b[d], then the promise by a implies an obligation for c. 

Autonomous agents, however, ought not to be obliged to anything. 

Another interaction between autonomous promises and the more general kind 
of promises is given by the so-called compliance promise between agent c and 

a, 

7r:7 

c > a, 

where c promises to comply with a. We then have 

w.x 7r:7 n:x 

a[c] > b[a] , c > a c > d. 

One can consider the even more general notation 

a[ci, . . . , Cn] > b[di, ...,dm] 

denoting that 

(1) 'a promises b that one of Ci,...,c„ wil do x for some one amongst 
di, . . . , dm! if X is a service, or 

(2) 'a promises b that one of Ci, . . . , c„ will make use of x as done by one 
amongst di, . . . , d^' if a; is a usage 

provided x is positive. In the negative case none of Ci, . . . , c„ wil do x for any 
of di, . . . , dm etc. 

■k:x 

In distributed systems design it is unhelpful to use either a[c\ > b or 

a[c] > b[d\. If these occur in a design they should and usually can be 

translated into small protocols using voluntary promises only. In the sequel 
we will therefore focus on promises of the basic form made by autonomous 
agents forgetting about the general notion of promises. 

We will model states as sets of basic promises that do not conflict together with 
transition rules that describe the development of such states. The presence of 
a single promise 

7r:x 

a > b 
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is written as Pa,bix) and promises are combined by the promise set composition 
operator ©. 



A transition rule for a basic promise has one of the two forms 

S 

S ®a 



P'''a,b{x) — iprj promise introduction 



or 



where 



pWa,b{x) promise withdrawal 

Sea — b 



(1) S is a state, i.e., a set of non-conflicting basic promises, 

(2) the promise introduction pia,b{x) labels the transition rule with the an- 

■k:x 

nouncement that introduces the promise a > b, 

(3) the promise withdrawal pwa,b{x) labels the transition rule with the speech 

act that withdraws the promise a > b, 

■K-.X 

(4) © combines the state S with the promise a > b yielding a new state, 

and 

■K-.X 

(5) removes the promise a b from the state S yielding a new state. 



Since states are sets of non-conflicting promises, a promise introduction event 
(that is an application of the promise introduction rule) is applicable only if the 

conclusion of the rule is a set of non-confiicting promises, i.e., if for all a > 

c G 5, Here we assume that an autonomous agent is itself responsible 

for making no promises that would require performing incompatible tasks 
('breaking its own promises' is Burgess' nomenclature in [6]). 

This system can be generalized to generalized promises. A typical rule in this 
format is of the form 

7r:7 

, . S®c >a 

P^a\c\-^h\d\\^) 



•7r:7 -k:x 

S®c >a®c >d 



In addition to incompatibility we now introduce exclusiveness E : TB B 
marking tasks that cannot be served to or consumed from two different agents 

it:x 7t:x 

at the same time. This will mean that a > b and a > c with b c can 

never be kept if E{x) — true — and should not both be made either. In the 
presence of exclusiveness, the promise event rule takes the conditional format 

g 

{E{x) -^Mc^b -'PaA^)) ^ Pia,b{^) ^ , 

S ®a > b 

Note that exclusiveness is not related to incompatibility: 'taking a train' and 
'taking a car' are conflicting tasks; 'being driven by' 6, however, excludes 'being 
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driven by' c. 



4 An example 

We now consider an ACP-style process algebra with the standard operators 
+ , ■, II for choice, sequential and parallel composition (cf. [2,8]), and conditional 
guards (cf. e.g. [1]) based on atomic actions like pia,h{^) and pWa,b{x). In such 
a setting a protocol, Pa,b{x), that describes a plausible course of actions for 

it:x 

introducing a promise a > b can be given by 

+ 

Pib,a{~^^^) ■ {Pwa,b{^) II PWb,a{-^^x)) 

) 

Here is an example from our recent experience. The autonomous agents Jan, 
Jiirgen, and Mark consider the task of transport by car to the Jacobs Univer- 
sity Bremen (JUB), i.e., 

(1) A — {ja, ju,ma}, and 

(2) TB = {tbc2JUB, ^tbc2JUB, ^tbc2JUB, ^^tbc2JUB}. 

Since one cannot be transported in 2 different cars at the same time and by 2 
different people, ^tbc2JUB is exclusive, i.e., 

E{^tbc2JUB). 

A possible execution of Pja,ma{tbc2JUB) \\ Pju^jna{tbc2JUB) is given by the 
trace 

pija,ma{tbc2JUB) 
pima,ja{'^tbc2JUB) 

piju,maitbc2JUB) 

pima,ju{^^tbc2JUB) ■ 

pWju,ma{tbc2JUB) 
pWma,juh^tbc2JUB). 

On an intuitive level, the trace can be described as follows: Initially Jan 
promises Mark a lift to JUB which Mark accepts. Then Jiirgen makes this 
promise too which Mark — because of the exclusiveness of this task — declines. 
Thereupon Jiirgen withdraws his offer and Mark his declination. 
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This kind of example can typically be found in data centre management: 
renaming the agents and tasks to 



(1) A' = {userJSPAJSPB}, and 

(2) TB' — {transport packets, . . .} 

we derive an example of choosing a supplier for e.g. packet transport, power/elec- 
tricity etc. Promises are then exclusive if ISPA and ISPB are competitors, for 
instance. 



5 Conclusion 

We have provided the outline of a process algebra based framework for promise 
theory. Using this algebra in combination with conditional guards one can for- 
malize — as other approaches do — how promises might be used in coming to 
an agreement. However, in contrast to the static approaches to promise theory 
mentioned in the introduction, in the here chosen framework — the algebra of 
communicating processes ACP — the interaction of promises and the resolu- 
tion of conflicts can be modelled in a dynamic way. 

This formalization is treating promises at a meta-level. There are also under- 
lying events or processes that the promises suppress — we do not talk about 
how the promises are kept, or comment on their reliability; that is a different 
matter. Thus our description is at a promise management level. At that level 
we could say it describes an autonomous process. 
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